Trojan:Win32/Grymegat is a Trojan infection that has been linked closely to ransomware scams. Trojan:Win32/Grymegat variants first started appearing in Fall of 2012 and present a severe threat to compromised computers. Using Trojan:Win32/Grymegat, criminals can carry out a scam that involves taking over the victim's computer in order to hold it hostage until a ransom is paid. To avoid becoming a victim of Trojan:Win32/Grymegat, ESG malware researchers advise computer users to follow online safety guidelines when browsing the Web and to use a reliable anti-malware application to protect their computers at all times.

One of the reasons why Trojan:Win32/Grymegat is difficult to remove is that its payload prevents the computer user from gaining access to security software (or any other application) on the infected computer. Fortunately, it is possible to bypass Trojan:Win32/Grymegat by using an alternative start-up method, such as Safe Mode or starting up from an external storage device.

Trojan:Win32/Grymegat's payload has two parts:

  1. Trojan:Win32/Grymegat blocks access to the infected computer by changing the computer's settings so that the user can no longer reach their desktop or files.
  2. Trojan:Win32/Grymegat displays a full-screen Web page that cannot be dismissed. This Web page claims to be a message from the police demanding payment of a fine for the victim's supposed involvement in illicit activities.

Recognizing a Trojan:Win32/Grymegat Infection on Your Computer

How do you know that your computer has become infected with Trojan:Win32/Grymegat? The main symptom associated with Trojan:Win32/Grymegat is not being able to access your computer. Instead of your normal desktop, you will be greeted by a full-screen message containing a fake notification from the FBI (or your country's national police force).

Trojan:Win32/Grymegat will usually enter a computer through a social engineering attack, often involving spam email messages or a drive-by download on a harmful website. Once installed, Trojan:Win32/Grymegat copies itself into your computer's start-up folder, a directory whose contents are launched at start-up. It also deletes files associated with itself, making the Trojan harder to remove. Then, Trojan:Win32/Grymegat makes changes to the Windows Registry that ensure its files run automatically when Windows starts. Further registry changes prevent the victim from accessing the Start menu, the Task Manager and other components that would normally allow a computer user to bypass the Trojan:Win32/Grymegat message.
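The paragraph above names three places a lock-screen Trojan of this kind establishes itself: the start-up folder, the Registry auto-run entries, and the policy values that disable the Task Manager, the Start menu and the desktop. The following read-only PowerShell audit, added here as an example and not part of ESG's write-up or any removal tool, lists the contents of each of those locations so they can be reviewed from Safe Mode or another clean start-up. Every path and value name it reads is a standard Windows location, not a Grymegat-specific indicator, and the Winlogon `Shell` check is included because replacing the default shell is one general way a desktop can be hidden from the user; whether any particular variant uses it is an assumption, not something the page states.

```powershell
# Added example: read-only audit of the persistence and lockout locations described above.
# Nothing here modifies the system; it only reports what it finds for a human to review.
# All keys and value names are standard Windows locations (assumed relevant, not page-specific IoCs).

$findings = @()

# 1. Start-up folders: every item here is launched at logon.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)
foreach ($dir in $startupDirs) {
    if (Test-Path -Path $dir) {
        Get-ChildItem -Path $dir -File -Force | ForEach-Object {
            $findings += [pscustomobject]@{
                Category = 'StartupFolder'
                Location = $_.FullName
                Value    = $_.LastWriteTime.ToString('s')
            }
        }
    }
}

# 2. Run / RunOnce keys: entries here execute automatically when Windows starts.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            $findings += [pscustomobject]@{
                Category = 'RunKey'
                Location = "$key\$($p.Name)"
                Value    = $p.Value
            }
        }
    }
}

# 3. Policy values that disable Task Manager, the Registry editor, Run and the desktop.
#    A non-zero value means the restriction is active for the current user.
$policyChecks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDesktop' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoClose' }
)
foreach ($c in $policyChecks) {
    if (Test-Path -Path $c.Key) {
        $v = (Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        if ($null -ne $v -and $v -ne 0) {
            $findings += [pscustomobject]@{
                Category = 'LockoutPolicy'
                Location = "$($c.Key)\$($c.Name)"
                Value    = $v
            }
        }
    }
}

# 4. Winlogon Shell: the default is explorer.exe; anything else replaces the normal desktop.
#    (Assumed to be worth checking for lock-screen malware in general; not stated for Grymegat.)
foreach ($hive in 'HKLM', 'HKCU') {
    $winlogon = "${hive}:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (Test-Path -Path $winlogon) {
        $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($shell -and $shell -ne 'explorer.exe') {
            $findings += [pscustomobject]@{
                Category = 'WinlogonShell'
                Location = "$winlogon\Shell"
                Value    = $shell
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

Run the script from an elevated PowerShell session started in Safe Mode, as the page recommends, so that the Trojan's own lockout cannot interfere with it. Start-up folder items and Run-key entries are normal on a healthy system, so the output is a list to review rather than a verdict; an active `LockoutPolicy` or non-default `WinlogonShell` finding on a machine where no administrator set them is the strongest signal among the four categories.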